# What is Polymorphic Encryption?

Encryption is used to protect all kinds of data, whether in motion, in use, or at rest. Encryption uses complex algorithms to protect data from being compromised if it falls into the hands of malicious actors.  However, not all kinds of encryption secure data in the same way. Polymorphic encryption complicates the original encryption process to provide an extra layer of security for sensitive data, like card numbers, social security numbers, and personally identifiable information.

## What is Polymorphic Encryption?

### Encryption Definition

To understand polymorphic encryption, we need to understand  the basics of encryption. Encryption, at its core, is the act of converting a sensitive piece of data into a desensitized piece of data. Through algorithms and complex mathematical equations, a piece of data is changed until it is unrecognizable.

The encryption process can only be reversed with an encryption key, an important piece of information that can reverse the process correctly. By storing the information necessary for decryption away from the encrypted data, encryption is hard (although not impossible) to reverse without the key. However, encryption can still be broken without the key if a hacker has enough time and computing energy to figure out and reverse the algorithm. Certain kinds of encryption are harder to crack than others, depending on the complexity of their key. A 4-bit encryption key, for example, only has 2 to the power of 4 (16) possible combinations making it easy for a human to type out and try each possible combination. The current standard encryption key is a 256-bit key, with possible combinations in numbers only an advanced computer could generate.

The more possible combinations an encryption key has, the harder it will be for a hacker to randomly guess the characters in a brute force attack. Polymorphic encryption operates on this same principle but adds an additional twist for added security.

## Polymorphic Definition

“Polymorphic” means to exist in various forms of different types at different times. For a function (or encryption key) to be considered polymorphic it must have the ability to be used differently in different contexts.

Polymorphic encryption changes the encryption algorithm every time it is used. However, while it uses a different method, it creates a consistent key every time.

A highly simplified example of how is possible is how multiple addition problems can end in the same digit:

2+8 = 10

3+7 = 10

4+6 = 10

5+5 = 10

This is a simplified example of how polymorphic encryption can use different tactics to reach the same encryption key. Consider that even with this simple "key', 10, there are even more complex equations we could use to reach the desired result.:

2+2+2+2+2 = 10

5+2+3 = 10

3+2+2+3 = 10

4.5+3.3+1.7+0.5 = 10

You get the picture. There are many different ways to reach the same result, even when the end result is a smaller digit. A more complex process happens, with much larger numbers, to create encryption keys with polymorphic encryption.

This process adds a layer of complexity to the encryption, by changing the algorithm each time so that the algorithm is harder for a hacker to recognize. Additionally, by separating the algorithm from the results, it’s harder for a hacker to use the relationship between the algorithm and results to decrypt the data. After all, the result is reachable by a wide variety of complex equations and algorithms.

Polymorphic encryption is another advanced  encryption technique designed to keep sensitive data out of the hands of hackers. However, even polymorphic encryption can be broken. If you’re looking for an unbreakable and irreversible data security technique, tokenization may better suit your needs.

You can read more about encryption and tokenization in our eBook here: Topic(s): encryption